Restore parameters of OCSP_REQ_CTX_new(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_i2d().
Fix a bug (wrong HTTP method selected on req == NULL in OCSP_sendreq_new().
Minor further fixes in OSSL_HTTP_REQ_CTX.pod
Fixes #13873
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13898)
#ifndef OPENSSL_NO_OCSP
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req)
-{
- return OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
- ASN1_ITEM_rptr(OCSP_REQUEST),
- (ASN1_VALUE *)req);
-}
-# endif
-
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
- OCSP_REQUEST *req, int maxline)
+ const OCSP_REQUEST *req, int maxline)
{
- BIO *req_mem = HTTP_asn1_item2bio(ASN1_ITEM_rptr(OCSP_REQUEST),
- (ASN1_VALUE *)req);
- OSSL_HTTP_REQ_CTX *res =
- HTTP_REQ_CTX_new(io, io, 0 /* no HTTP proxy used */, NULL, NULL, path,
- NULL /* headers */, "application/ocsp-request",
- req_mem /* may be NULL */,
- maxline, 0 /* default max_resp_len */,
- 0 /* no timeout, blocking indefinite */, NULL,
- 1 /* expect_asn1 */);
- BIO_free(req_mem);
- return res;
+ OSSL_HTTP_REQ_CTX *rctx = NULL;
+
+ if ((rctx = OSSL_HTTP_REQ_CTX_new(io, io, 1 /* POST */,
+ maxline, 0 /* default max_resp_len */,
+ 0 /* no timeout, blocking indefinitely */,
+ NULL, 1 /* expect_asn1 */)) == NULL)
+ return NULL;
+
+ if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, NULL, NULL, path))
+ goto err;
+
+ if (req != NULL && !OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
+ ASN1_ITEM_rptr(OCSP_REQUEST),
+ (ASN1_VALUE *)req))
+ goto err;
+
+ return rctx;
+
+ err:
+ OSSL_HTTP_REQ_CTX_free(rctx);
+ return NULL;
}
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx)
#include <openssl/ocsp.h>
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
- OCSP_REQUEST *req, int maxline);
+ const OCSP_REQUEST *req, int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
- int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const char *content_type,
- const ASN1_ITEM *it, ASN1_VALUE *req);
+ int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
const char *name, const char *value);
- void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+ void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
void OCSP_set_max_response_length(OCSP_REQ_CT *rctx,
unsigned long len);
- int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+ int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
=head1 DESCRIPTION
-These functions perform an OCSP request / response transfer over HTTP, using
-the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.
+These functions perform an OCSP POST request / response transfer over HTTP,
+using the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.
The function OCSP_sendreq_new() builds a complete B<OSSL_HTTP_REQ_CTX>
structure using connection B<BIO> I<io>, the URL path I<path>, the OCSP
-request I<req> and with a response header maximum line length of I<maxline>.
-If I<maxline> is zero a default value of 4k is used. The OCSP request I<req>
-may be set to NULL and provided later with L<OSSL_HTTP_REQ_CTX_i2d(3)> if
-required.
+request I<req>, and with a response header maximum line length of I<maxline>.
+If I<maxline> is zero a default value of 4k is used.
+The I<req> may be set to NULL and provided later using OCSP_REQ_CTX_set1_req()
+or L<OSSL_HTTP_REQ_CTX_i2d(3)> .
The I<io> and I<path> arguments to OCSP_sendreq_new() correspond to the
components of the URL.
It does not support setting a timeout or adding headers and is retained
for compatibility; use OCSP_sendreq_nbio() instead.
+OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:
+
+ OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request", it, req)
+
OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
OSSL_HTTP_REQ_CTX_i2d(rctx, "application/ocsp-request",
The other deprecated type and functions have been superseded by the
following equivalents:
B<OCSP_REQ_CTX> by L<OSSL_HTTP_REQ_CTX(3)>,
-OCSP_REQ_CTX_i2d() by L<OSSL_HTTP_REQ_CTX_i2d(3)>,
OCSP_REQ_CTX_add1_header() by L<OSSL_HTTP_REQ_CTX_add1_header(3)>,
OCSP_REQ_CTX_free() by L<OSSL_HTTP_REQ_CTX_free(3)>, and
OCSP_set_max_response_length() by
=head1 SEE ALSO
-L<crypto(7)>,
+L<OSSL_HTTP_REQ_CTX(3)>
L<OCSP_cert_to_id(3)>,
L<OCSP_request_add1_nonce(3)>,
L<OCSP_REQUEST_new(3)>,
OSSL_HTTP_REQ_CTX_sendreq_d2i,
OSSL_HTTP_REQ_CTX_get0_mem_bio,
OSSL_HTTP_REQ_CTX_set_max_response_length
-- HTTP request functions
+- HTTP client low-level functions
=head1 SYNOPSIS
HTTP header C<Content-Length> is automatically filled out, and if
I<content_type> isn't NULL, the HTTP header C<Content-Type> is also added with
its content as value. All of this ends up in the internal memory B<BIO>.
-This requires that the request type be C<POST>,
-i.e., that I<method_POST> is 1 in the OSSL_HTTP_REQ_CTX_new() call.
+This requires that I<method_POST> was 1 in the OSSL_HTTP_REQ_CTX_new() call.
OSSL_HTTP_REQ_CTX_nbio() attempts the exchange of request and response via HTTP,
using the I<rbio> and I<wbio> that were given in the OSSL_HTTP_REQ_CTX_new()
OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path,
- OCSP_REQUEST *req, int maxline);
+ const OCSP_REQUEST *req, int maxline);
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OSSL_HTTP_REQ_CTX *rctx);
# ifndef OPENSSL_NO_DEPRECATED_3_0
typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
-OSSL_DEPRECATEDIN_3_0
-int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
-
-# define OCSP_REQ_CTX_new(wb, rb, m, ml, mrl, t, ect, ea) \
- OSSL_HTTP_REQ_CTX_new(wb, rb, m, ml, mrl, t, ect, ea)
+# define OCSP_REQ_CTX_new(io, maxline) \
+ OSSL_HTTP_REQ_CTX_new(io, io, 1, maxline, 0, 0, NULL, 1)
# define OCSP_REQ_CTX_free(r) \
OSSL_HTTP_REQ_CTX_free(r)
-# define OCSP_REQ_CTX_http(r, s, p, path) \
- OSSL_HTTP_REQ_CTX_set_request_line(r, s, p, path)
+# define OCSP_REQ_CTX_http(rctx, op, path) \
+ OSSL_HTTP_REQ_CTX_set_request_line(rctx, NULL, NULL, path)
# define OCSP_REQ_CTX_add1_header(r, n, v) \
OSSL_HTTP_REQ_CTX_add1_header(r, n, v)
-# define OCSP_REQ_CTX_i2d(r, c, i, req) \
- OSSL_HTTP_REQ_CTX_i2d(r, c, i, req)
+# define OCSP_REQ_CTX_i2d(r, i, req) \
+ OSSL_HTTP_REQ_CTX_i2d(r, "application/ocsp-request", i, req)
# define OCSP_REQ_CTX_nbio(r) \
OSSL_HTTP_REQ_CTX_nbio(r)
# define OCSP_REQ_CTX_nbio_d2i(r, i) \
OSSL_HTTP_REQ_CTX_get0_mem_bio(r)
# define OCSP_set_max_response_length(r, l) \
OSSL_HTTP_REQ_CTX_set_max_response_length(r, l)
+# define OCSP_REQ_CTX_set1_req(r, req) \
+ OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
# endif
OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
CRYPTO_128_wrap 3404 3_0_0 EXIST::FUNCTION:
X509_STORE_set_lookup_crls 3405 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_meth_get_ctrl 3406 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0
-OCSP_REQ_CTX_set1_req 3407 3_0_0 EXIST::FUNCTION:DEPRECATEDIN_3_0,OCSP
CONF_imodule_get_usr_data 3408 3_0_0 EXIST::FUNCTION:
CRYPTO_new_ex_data 3409 3_0_0 EXIST::FUNCTION:
PEM_read_PKCS8_PRIV_KEY_INFO 3410 3_0_0 EXIST::FUNCTION:STDIO
OCSP_REQ_CTX_free define deprecated 3.0.0
OCSP_REQ_CTX_i2d define deprecated 3.0.0
OCSP_set_max_response_length define deprecated 3.0.0
+OCSP_REQ_CTX_set1_req define deprecated 3.0.0
OPENSSL_FILE define
OPENSSL_FUNC define
OPENSSL_LINE define